haze: use lanzaboote

2026-01-27 14:36:11 +01:00
parent 5bd14cffe9
commit 59458a3ba1
2 changed files with 24 additions and 0 deletions
--- a/modules/lanzaboote.nix
+++ b/modules/lanzaboote.nix
@@ -0,0 +1,23 @@
+{
+  self,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    self.inputs.lanzaboote.nixosModules.lanzaboote
+  ];
+
+  environment.systemPackages = [
+    # For debugging and troubleshooting Secure Boot.
+    pkgs.sbctl
+  ];
+
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/var/lib/sbctl";
+  };
+}